Wordfence – security for WordPress sites

I’m back. I know I’ve been intermittent at best – sorry I’ve been busy. But I have a few items that I’m hoping to share in the upcoming weeks.

Today – I’m all about security for WordPress sites. I know that might not be of interest to everyone – but I’m hoping it will be very helpful to some folks.

I’ll start by saying if you have a site on WordPress.com, they are responsible for security, which is one benefit of their free hosting. If you have a website hosted somewhere else and you are using WordPress you might want to increase security with site protection. I’ve been noticing more hacking attempts lately – so I thought it was worth checking out. I am now going with Wordfence: http://wordpress.org/extend/plugins/wordfence/

It’s free. You download it as you would any other plugin. It works with WordPress multisite. Once it’s set up it scans your site hourly for a range of nastiness. (You can get a more specific list on the Wordfence website.)

Once you install and activate it, you will notice it as part of the WordPress dashboard. Here you can set up options. To start, you can add an email address to receive any scan warnings. You can also increase or decrease security based on your needs. I do suggest adding firewall rules. (You can learn why they don’t add that option by default here: http://www.wordfence.com/forums/topic/no-default-firewall-rules-in-latest-version/)

I’ve added Wordfence to a number of sites. It’s caught minor things – like the need to update plugins and other options. So that’s good. It has also made me look at some changed code, which thankfully turned out to be code I had changed myself.

While nothing is foolproof, I must admit I’m breathing a little easier knowing I have some line of defense in place to protect clients’ sites.